The CSO typically represents physical security. The CISO typically
  represents non-physical security.

  Which is subordinate to the other?

  Many organizations defer the question. They see the two as separate
  regardless of the evidence. Perhaps it's because of the easily
  understood physical versus the harder to grasp non-physical.

  My opinion for most organizations is that the CSO is subordinate to the
  CISO. The ratio used to go the other way. Physical security is
  important. It can't be diminished. Yet Information Security &
  CyberSecurity ascends. Appreciating and dealing with physical security
  is a part of Information/Cyber Security.
  Also on:

  [1]Twitter
    __________________________________________________________________

  My original entry is here: [2]CSO and CISO: To whom does each report?.
  It posted Sun, 22 Apr 2018 08:53:43 +0000.
  Filed under: business,

References

  1. https://twitter.com/TokyoGringo/status/987978931230990336
  2. https://www.prjorgensen.com/?p=460

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.